back to article Would you trust 'spyproof' mobes made in Putin's Russia?

A Russian firm is developing its own anti-surveillance enterprise smartphone prototype - the TaigaPhone. The secure handset from Taiga Systems will bundle security software from sister security firm InfoWatch Group onto a hardened version of Android. The smartphone is likely to be positioned against the Blackphone, which has …

  1. alain williams Silver badge

    Who do you fear most ?

    NSA/GCHQ or KGB ?

    If I were any of the above I would be setting up companies that sell security products and put a few backdoors in all products. To deal with security companies that I did not 'own' - I would also get a few employees on side by helping them out of problems (financial/drug/marital/...) - problems which I would prob have put them into in the first place.

    Maybe they are not doing this; but would anyone believe them if they said not ?

    1. Buzzword

      Re: Who do you fear most ?

      It depends on who you are trying to hide from.

      If you intend to commit crimes in one country (e.g. the USA), then it makes sense to buy a "spyproof" phone from a country which doesn't have a Five-Eyes style intelligence-sharing agreement with that country (e.g. Russia). Even if the Russians have hacked your phone, they won't tell the Americans what you're up to, for fear of divulging their intelligence capabilities.

      1. Otto is a bear.

        Re: Who do you fear most ?

        No, but they might well see you as an intelligence asset, you have broken the law, thus you can be blackmailed, and the fact that it was a back door in your security software could easily be circumvented. Once you know someone has done something, it's possible to prove they did it another way, or at least to appear to do so.

        Personally, I wouldn't touch a Russian sourced IT security product, or a Chinese one, Ah.........

      2. Chris G

        Re: Who do you fear most ?

        Living in the West I think I would trust the ruskie ahead of the Israeli item.

      3. Olius

        Re: Who do you fear most ?

        I think you might be on to something, Buzzword. I'd consider buying one from each company and gaffa taping them together, just to be sure.

      4. NoneSuch Silver badge

        "Edward Snowden was so concerned about smartphone microphones as a conduit for eavesdropping that he famously asked journalists and lawyers who visited him after he hot-footed it to Hong Kong to place their smartphones in hotel fridges."

        Says it all doesn't it? In the end, brands probably don't matter as long as the nation state is trying to compromise any technology in your possession. Whatever you have, you can't trust it. Which also says volumes about our trust in the state.

        1. Bleu

          It is easy enough to switch the thing off.

          Snowden was in an unusual situation, where he had reason to expect a visit from a 'friend' carrying an always-on transmitting device.

          That is not how it goes in general.

      5. Matt Bryant Silver badge
        Stop

        Re: Buzzword Re: Who do you fear most ?

        ".....If you intend to commit crimes in one country (e.g. the USA), then it makes sense to buy a "spyproof" phone from a country which doesn't have a Five-Eyes style intelligence-sharing agreement with that country (e.g. Russia)......" Seriously? OK, please stop and actually think that through for a sec. No matter how "top-tech" your phone is, to work on any mobile network it requires a unique identifier, an IMEI number. Each IMEI number includes a portion that identifies the model and maker, so carrying around one of these phones is like painting a bullseye on your back. Now, you may try and be smart and use software to fake your IMEI by cloning that of another phone, but the networks are already looking for such users to cut down on fraud and have tools for finding cloned phones and blocking their network access (and, if you use the IMEI of a stolen phone, they notify the police of when and where). If the spooks or police ask the networks then they will track and record all traffic to and from a specific IMEI number. And its alleged that the spooks have tools for looking for phones with normal IMEI numbers that use unusual software not usually found on a normal phone (such as non-standard encryption). So a cloned IMEI number might just provide a false sense of security.

        Then, once you realise your phone has actually just drawn attention to you, you need to realise the spooks are just as interested in the metadata of who you call as what you transmit. If the receiver is a normal phone then they can simply hijack the other end of the connection, making your efforts futile. Either way, every time you use your "spy-proof" phone you simply add to the metadata collection.

        And, finally, history has shown that vendors and networks will open themselves up at home government request to stay in business, so whilst your new "spy-proof" phone may protect you from some spies it probably won't against all.

        In all, you're probably better off just using a normal phone and hiding in the background noise, and being smart about what you actually use the phone for. That's if you even have a real reason to worry in the first place.

      6. Yet Another Anonymous coward Silver badge

        Re: Who do you fear most ?

        Given the list of things that are now "terrorist" in the eyes of NSA/GCHQ- like protesting oil pipelines, merchant banks, billionaire tax evasion, or union activities - then I assume you would get a commendation from the KGB

    2. The Man Who Fell To Earth Silver badge
      Go

      Would you trust 'spyproof' mobes made in Putin's Russia?

      Why not? After all, they are assembled by my good friend the Easter Bunny.

      1. Anonymous Coward
        Mushroom

        Re: Would you trust 'spyproof' mobes made in Putin's Russia?

        Trust is either a matter of faith or a matter of verification.

        I am not into theology, so wherever it was made I would only consider it trustworthy it if it was open to verification - its schematics published, its components generic, its firmware open sourced, and independent oversight during manufacture and distribution.

        Nuclear explosion icon because it's the same issue in nuclear disarmament. You don't see anyone say "you look like an honest government, so we'll trust you" there.

      2. Roland6 Silver badge

        Re: Would you trust 'spyproof' mobes made in Putin's Russia?

        Also why not? Many security programs that have been happily running on many of our Windows PC's for years, such as Kaspersky, originate from companies and development teams based in Russia...

        1. Matt Bryant Silver badge
          Stop

          Re: Roland6 Re: Would you trust 'spyproof' mobes made in Putin's Russia?

          ".....Many security programs that have been happily running on many of our Windows PC's.... originate.... in Russia..." Er, no. Whilst I might pay attention to what Kaspersky has to say on security issues I do not run his or any other software of Russian origin, thanks.

    3. dogged
      Headmaster

      Re: Who do you fear most ?

      FSB.

      The Комите́т госуда́рственной безопа́сности (KGB) ceased to exist in 1991. The Федеральная служба безопасности Российской Федерации (the Federalnaya sluzhba bezopasnosti Rossiyskoi Federatsii or FSB) was formed in 1995.

      Officially.

      1. O RLY

        Re: Who do you fear most ?

        Exactly right. And Pooty Poot was FSB's second director...

    4. Matt Bryant Silver badge
      Facepalm

      Re: Alain Williams Re: Who do you fear most ?

      "NSA/GCHQ or KGB ?....." Not the KGB as it doesn't exist anymore. You might replace them with the SVR CF or GRU if outside Russia or the FSB if inside Russia. You could also add the MOSSAD, SAVA, ABIN, CSE, MSS, or any other combination of letters dependent on your flavour of repression/paranoia. If I was in a position to have to actually worry, then a phone from Russia or China or even Israel would be off my list, but I don't actually have a reason to worry. As do the majority of the Western population.

  2. Kraggy

    So tell me, in the aftermath of Snowden's revelations, why are you suggesting Putin's Russia is any less to be trusted that Obama's America or Cameron's Britain?

    America's hubris over alleged Chinese government 'cybercrime' and Huawei is now apparent to all, the NSA and GCHQ are no better and likely far worse!

    Fact is Snowden has proved what many probably knew, no government can be trusted and to suggest by inference the 'west' is any better than Russia is laughable: as for the 'east' (eg. Korea) I see no reason to think they're different either.

    1. Anonymous Coward
      Anonymous Coward

      Re:Would you trust 'spyproof' mobes made in Putin's Russia?

      NSA/GCHQ and their Chinese/Russian/Israeli/French/etc counterparts would all like to see "everything" the only difference between them is their organisational limts (money/access/government oversight).

      In Spy vs Spy - just because the white guy I thought was helping me is listening to all my calls/monitoring my Internet access doesn't mean that the black guy wouldn't do the same (if he hasn't succeeded already. Replace "white guy" and "black guy" with any of the spy agencies mentioned above.

    2. Otto is a bear.

      I disagree, unfashionable but......

      In the West, you can generally trust your government to do what you voted them in to do, as well as the things they have to do, to protect your nation from inside and out. All Snowdon has done is shown that they are doing just that, and that it has scaled up in scope to meet the modern era.

      It is not the fault of the Governments that mostly we don't chuck them out often enough, and allow parties to become embedded, and similar. Vote for someone else, even in the US there are alternatives to Democrat and Republican.

      1. Anonymous Coward
        Anonymous Coward

        Re: I disagree, unfashionable but......

        Last thing the US needs is more Bush. Yet they Republicans love that family.

        1. Anonymous Coward
          Anonymous Coward

          Re: I disagree, unfashionable but......

          Last thing the US needs is more encryption is military munition, Clipper Chip Clinton. Yet the Democrats love that family.

      2. Pascal Monett Silver badge
        Windows

        Re: "you can generally trust your government to do what you voted them in to do"

        Yeah, sure. Because Presidents always do what they promised they would.

        I'll have a round of whatever it is you're taking.

        Seriously, I've been following politics for the past 30 years. The conclusion that I have come to is that it doesn't matter who you vote for. In the best case, you get a politician that doesn't screw up the economy. In the worst case, well, you get Dubya.

        The rest all depends on the economy, and the economy is every one of us. So, in the end, it's up to us to get out of a crisis, no matter what a government says.

      3. I am not spartacus

        Re: I disagree, unfashionable but......

        "In the West, you can generally trust your government ...

        Well, technically you are correct that you can, but maybe it is unwise...

        ...to do what you voted them in to do...

        Hmm, can't so much remember any governments who fully did what the electorate voted them in to do, although some had better excuses than others. Some had effectively no worthwhile excuse and some were in a situation unanticipated at the time of election or promised, intentionally or otherwise, things that were ambiguous. And some only had a choice between bad options and the least worst was all that they could do, and they don't get much credit for that.

        ...to protect your nation from inside and out...

        To protect their own arses, more like. Not sure about the 'inside and out' bit, though. I'll admit though, rather like football referees, sometimes we have expectations that probably won't be met by normal human beings. We have just made the job too difficult, but that doesn't excuse a lot of the worst things that politicos do.

        I can't honestly say that I share your faith in the general niceness of politicians, and any that are nice tend to be sidelined by the system. But it is good that someone has that unsullied point of view, rather than us all being cynical and disillusioned.

    3. Tapeador
      FAIL

      @Kraggy

      "no government can be trusted and to suggest by inference the 'west' is any better than Russia is laughable"

      Get a grip. No government can be trusted to do what? There is unlawfulness and there is not recognising law. Russia is an absolute stranger to the rule of law, domestically and internationally. Good luck finding judicial or Parliamentary disagreement with the executive in Russia.

      The moral basis for western interventions in recent years has been of an entirely different order than Russia's which amounts simply to "HULK STRONG, HULK TAKE".

      1. Yet Another Anonymous coward Silver badge

        Re: @Kraggy

        Whereas we have the knowledge that Lord X will eventually produce a public inquiry on the matter which will totally exonerate the government.

        At least secret police thugs cost less/hour than QCs

  3. Anonymous Coward
    Anonymous Coward

    The more the merrier

    Let's face it - we cannot completely trust _ANY_ smartphone regardless of its security labels.

    There will always be something in it which is built, designed and assembled in a location that is not particularly trustworthy. Same goes for the software on it. In addition to that, when you add the global reachability of the Internet into the equation you get a device that simply cannot be guaranteed not to spy on you.

    So from that perspective the thumbs down on the picture reflects a rather unrealistic view of the world.

    If we take a more realistic view of the world, then it is a valid and valuable extra option in addition ot the Blackphone, etc. You just choose whose spying you consider to be the lowest risk to your current work (and life).

  4. Robert E A Harvey

    Experience

    >"Would you trust 'spyproof' mobes made in Putin's Russia?"

    well, to be fair, the people molishing them have a lot of background experience in being spied upon. They may well know of what they speak.

    And, as AW says above, I fear the near government more than the far away one!

  5. Neil Barnes Silver badge

    Switching off phones does not disable built-in GPS functionality

    Anyone able to explain?

    What happens if the location services are turned off (assuming of course a clean phone).

    Enquiring minds want to know!

    1. Androgynous Cupboard Silver badge

      Re: Switching off phones does not disable built-in GPS functionality

      Seconded, this sentence makes no sense to me. Turning the phone off most certainly disables it.

      1. AndyS

        Re: Switching off phones does not disable built-in GPS functionality

        If it doesn't, then I want to know about the secret power-free GPS devices that apparently every phone must be using. Because in my experience, GPS is one of the most power-hungry devices on a modern phone.

        Even finding a stand-alone GPS logger with a built in battery good for more than a few hours is hard work - get me this one that still works without being powered up, and I will be very happy!

      2. Anonymous Coward
        Anonymous Coward

        Re: Switching off phones does not disable built-in GPS functionality

        when you turn off your phone is it actually powering off or going into some variety of stand-by mode?

        If it is powering off then it is probably not possible to turn it on remotely, covertly or otherwise. If it is stand-by mode then it is possible with malware to take control of the handset.

        A bigger risk is whether or not you can control a phone via the baseband layer. The baseband sits below the software OS level. But even then, wouldn't you need the OS to use GPS?

        I'll stop rambling now and try to post something coherent later on.

    2. Anonymous Coward
      Anonymous Coward

      Re: Switching off phones does not disable built-in GPS functionality

      Enquiring minds want to know!

      If you get your "scientific" info from NCIS:LA you'll know that all TV phones can be tracked by their inbuilt GPS, which can only be disabled by removing the battery and preferably stomping on the phone.

      Fortunately for us, Hollywood isn't yet in the mobile phone business.

    3. Matt Bryant Silver badge
      Boffin

      Re: Neil Barnes Re: Switching off phones does not disable built-in GPS functionality

      "Anyone able to explain?...." It's due to user expectation of a fast GPS lock. If you had a first gen GPS device you might recall they could take even minutes to get a lock and tell you where you were. Users demanded a better experience, so second gen and later devices either periodically wake themselves up and sync or just stay continually on in the background. The actual GPS receivers are not that power-hungry, it is the display of the maps, the loading of the maps from memory, and the associated communications with servers (point-of-interest, localized advertising, etc.) that chews through the battery.

      "....What happens if the location services are turned off (assuming of course a clean phone)...." The phone still knows where you are as long as the GPS is updating in the background, it's just not telling Google or Apple or Microsoft where you are. That does not mean the networks are not receiving the GPS data (and they can triangulate on your signal anyway).

      1. Pascal Monett Silver badge

        Thanks for the info, Matt. That was quite an interesting read.

      2. Neil Barnes Silver badge

        Re: Neil Barnes Switching off phones does not disable built-in GPS functionality

        Cheers, Matt. I was unaware that the receiver was a full-time operation; I had assumed (stupid) that with the service off, the sensor was also off. Bugger.

        I was aware of tower triangulation.

      3. Yet Another Anonymous coward Silver badge

        Re: Neil Barnes Switching off phones does not disable built-in GPS functionality

        The GPS receivers (or rather the calculation of position) is very power intensive.

        The solution with 2nd generation GPS was to use base station triangulation as a starting point rather than a lock from first principles, together with an accurate time reference, avoiding the need to keep an updated position..

        The newest generation can pass the semi-raw GPS signal to be processed in the base station or even in the cloud and the result returned to the phone.

      4. Androgynous Cupboard Silver badge

        Re: Neil Barnes Switching off phones does not disable built-in GPS functionality

        A GPS does not "wake itself or stay continually on in the background" - the "fast GPS lock" you're describing is called "hot start" and is a result of the GPS not having to download the almanac (of satellite location) when powered up, which takes several minutes.

        A battery backup on the GPS isn't used to wake the GPS, it's simply to keep the almanac in memory. That's why the draw when in this standby mode is in the nanoamps. I don't have first hand knowledge of the GPS chip inside smartphones, but I'd be surprised if they didn't work this way simply because there's no need for them to - Apple will be buying commodity GPS chips, and this is how they're usually(*) designed.

        There's an easy way to check - turn off your phone, take a plane flight to the other side of the world and turn it on. If it gets a GPS lock within a few seconds, it's been surreptitiously powering itself up to track its location. If it takes a few minutes, as I expect it will, then the GPS has found its almanac no longer applies and has downloaded a new one.

        However, Matt, you/re right that the GPS is not a power hungry device, again it's a few tens of milliamps normally.

        (*) putting my neck out here, but I've yet to see one that isn't.

        1. I am not spartacus

          Re: Neil Barnes Switching off phones does not disable built-in GPS functionality

          There is hot start, warm start and cold start.

          Cold start, where you don't know which satellites to look for takes - relatively - ages. Better is to already have an idea of which satellites are likely to be there. If you have an approximate idea of position, from either last lock (you may have been moving, and the satellites certainly have been) or by triangulation, or even known locations of WiFi signals, then you can get close to the hot start times.

      5. Bleu

        Re: Neil Barnes Switching off phones does not disable built-in GPS functionality

        If you switch geolocation off, the design, if any good, should cut off power and the clock signal to the GPS module. This saves a little battery life.

        That is how the chips are designed.

        So, it is not running if you switch robolocation off.

        Matt is correct that coordinate transfer to and from the provider and display with maps use even more power, but GPS modules are quite power-hungry in themselves

        GPS modules don't send anything themselves.

        Matt's reply is correct on some but not all points. The phone should not be updating in the background if location services are switched off because of what I said above.

        They shouldn't do it in the background either, with geolocation on and the phone off, but I would not be surprised if that claim is true, particularly in the case of Apple devices.

        For my own part, I prefer the combination of maps, asking people, knowing where I am and thd time of day, a compass, and a bit of randomness, any time.

    4. BillG
      Big Brother

      Re: Switching off phones does not disable built-in GPS functionality

      What happens if the location services are turned off (assuming of course a clean phone).

      Without GPS active, your location can still be determined by triangulation between three cell towers.

  6. Anonymous Coward
    Anonymous Coward

    Would you trust 'spyproof' mobes made in Putin's Russia?

    No less than I would trust any American (or 5-eyes member country) product.

  7. cantankerous swineherd

    pop a sim from gemalto in and you're hot to trot.

  8. Anonymous Coward
    Anonymous Coward

    Prereq: Open hardware AND open software

    So the whole package can be audited.

    In addition, you'll want the ability to swap in/swap out modular components like GPS radios (with software that can continue to function even with one or more components removed). GPS can't beacon your location if it's not physically plugged in (and yet, I know GPS is a dependency for some services -- the point is that you get to prioritize their importance for yourself).

    Until then: trust nothing, and certainly don't waste money on "secure" phones made for/by the surveillance industrial complex.

  9. T. F. M. Reader

    So they own all the circuitry...

    Why would they build anything but a GPS receiver into a supposedly secure phone then? A receiver should be enough for navigation, and I can only associate transmitting location data with a threat to privacy - what am I missing?

    1. DropBear
      Facepalm

      Re: So they own all the circuitry...

      There is no such thing as a GPS "transmitter". However, once you have a GPS receiver in your phone, said phone has a variety of ways to exfiltrate your location information through the GSM network / your WiFi connection etc. - all it takes is a piece of software running somewhere on that phone handing it out to its masters.

      1. Yet Another Anonymous coward Silver badge

        Re: So they own all the circuitry...

        There are GPS transmitters but they are rather large and obvious and generally bolted to satelites

  10. Zog_but_not_the_first
    Big Brother

    Sigh!

    I'm afraid it all boils down to this.

  11. Anonymous Coward
    Anonymous Coward

    it depends

    I would imagine for most of us who live in the west, our private dealings are of far more interest to our own governments than to some government on the other side of the world. The blanket surveillance is targeted at everyone with very good reason - it has nothing to do with terrorism, and everything to do with monitoring public dissent and organization as expressed through protest groups, movements like 'Occupy', environmentalists, political and civil rights activists, etc. You only need to look at the groups the Met has been infiltrating illegally to see this.

    On that basis, I'd not trust any device, but would probably have less reason to fear the Russians watching me than the UK government.

  12. JamesPond
    FAIL

    If the SIM is compromised, what does it matter?

    As per earlier ElReg article, it appears the underlying SIM has been compromised. Therefore what does it matter whether you think a Russian, Israeli or other built phone is secure or not, the SIM is leaking your data to NSA/GCHQ/FSB/Unit8200 et al.

    1. BristolBachelor Gold badge

      Re: If the SIM is compromised, what does it matter?

      All the SIM does is effectively validate who you are via key checking and allow some normal encryption between you are the base station. Since you can't trust the network anyway, the data needs to be separately encrypted on the phone, and decrypted by the receiver's phone. In that case having the key to the normal encryption only allows you to decrypt that part of it in the air between phone and base station. However, the separate encryption would still be intact .

  13. amanfromMars 1 Silver badge

    Of Mind Games and Mined Games, is Power Command and Fiat Control an Explosive Intelligence Asset?

    Regarding supposed security and encryption for any sort of virtual communication, beware the bearer of gifts, for nothing is as it seems and privacy and secrecy are surely a myth …….. http://pando.com/2015/03/01/internet-privacy-funded-by-spooks-a-brief-history-of-the-bbg/

    :-) The abiding enduring problem though for all and any into maintaining and retaining power in a status quo position, is in fully clearly understanding what one may be intercepting and/or reading/listening to …… which then leads to the dilemma of whether one is able to do anything effective against what one may have learned, or even if one should, for one could always choose to support what one may have discovered …. or thought one had discovered, if there be an effective enough security surrounding something novel and creative and/or sublimely disruptive, and it just be the truth exposing a perverse and corrupt system/executive administration/command and control methodology.

    Truth is unassailable and unbeatable, and to conceal it reveals one to be surely intellectually challenged and in many certain cases to be a person of interest to terrify and even terrorise, if one be thought worthy of such attention, for spinning false tales and dodgy trails indicates a rabid disregard for all but oneself and a few close friends, does it not? And that is not cricket, old bean, is it?

  14. Ilsa Loving

    VERY secure

    I don't doubt that this phone is very secure. And as an added bonus, if you do something that Putin doesn't like then you don't even have to worry about being arrested.

    The hidden chamber will simply fire a bullet into your brain the next time you try to make a phone call.

  15. Polyphonic
    Big Brother

    Unlikely as it may seem..

    Given the predeliction of the Russian government for control of all forms of communications in that country I do not believe they will not have a backdoor into this phone.

    Smartphones are inherently unsafe.

  16. Will Godfrey Silver badge
    Unhappy

    If you ever wondered why there wasn't an off switch that physically disconnects the battery, wonder no more.

    1. Anonymous Coward
      Anonymous Coward

      Known state

      No computer likes to be shutdown in an unknown state. Try unplugging your PC without shutting down.

      Switches are fragile and bulky things when compared to mobiles more common capacitor/FET combination.

      Suggest you go for a phone with a removable battery. One less problem.

  17. amanfromMars 1 Silver badge

    Novel IntelAIgents Arms Racing. Gentlemen, Start urEngines. Vorsprung durch AITechnik

    Considering how much thought to be held private and secret but which be easily known, what do current states of Great Games play tell y'all of established legacy leaderships' intelligence and the dire straits use which they make of it?

    Such second rate, sub-prime systems are catastrophically vulnerable to smarter problem device attack and admin takeover and/or makeover.

    And the problem? PEBKAC.

    Remove and/or terminate with extreme prejudice the problem, solves that particular and peculiar problem is a KISS answer, and extremely effective too.

  18. Ole Juul

    I feel old

    Settings can be turned right down so the only functionality on the phone that still works is the ability to make and receive phone calls.

    And that would make it next to useless, I take it.

  19. Bleu

    I don't know about your tasteless headline 'Putin's Russia'

    but if I really felt the need for an especially secure phone, the product from this company would be more likely to be fit for purpose than one from Israel or the USA, with so much of telecomms controlled by the same place.

    I also thought the Russian dual-screen phone, electronic paper on one side, active display on the other, seemed like a very good idea.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like